Defect #7843 ยป ajax_session_reset.patch
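--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -299,9 +299,27 @@
 }
 });
 
-/* shows and hides ajax indicator */
+/*
+* 1 - registers a callback which copies the csrf token into the
+* X-CSRF-Token header with each ajax request. Necessary to
+* work with rails applications which have fixed
+* CVE-2011-0447
+* 2 - shows and hides ajax indicator
+*/
 Ajax.Responders.register({
-onCreate: function(){
+onCreate: function(request){
+var csrf_meta_tag = $$('meta[name=csrf-token]')[0];
+
+if (csrf_meta_tag) {
+var header = 'X-CSRF-Token',
+token = csrf_meta_tag.readAttribute('content');
+
+if (!request.options.requestHeaders) {
+request.options.requestHeaders = {};
+}
+request.options.requestHeaders[header] = token;
+}
+
 if ($('ajax-indicator') && Ajax.activeRequestCount > 0) {
 Element.show('ajax-indicator');
 }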
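Review bot: The assignment `request.options.requestHeaders[header] = token;` assumes requestHeaders is a plain object, but Prototype also accepts it as a flat array of name/value pairs, and a named property set on such an array is not sent, so the request would leave without X-CSRF-Token and fail the server-side check. Handle both shapes, e.g. `var h = request.options.requestHeaders;` followed by `if (Object.isArray(h)) { h.push(header, token); } else { h[header] = token; }`. The responder also attaches the token to every Ajax request regardless of its URL; if any call in the application can target another origin, the header should be limited to same-origin requests so the token is not disclosed to a third party. The onCreate body continues past the end of the hunk.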
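--- a/app/views/layouts/base.rhtml
+++ b/app/views/layouts/base.rhtml
@@ -5,6 +5,7 @@
 <title><%=h html_title %></title>
 <meta name="description" content="<%= Redmine::Info.app_name %>" />
 <meta name="keywords" content="issue,bug,tracker" />
+<%= csrf_meta_tag %>
 <%= favicon %>
 <%= stylesheet_link_tag 'application', :media => 'all' %>
 <%= stylesheet_link_tag 'rtl', :media => 'all' if l(:direction) == 'rtl' %>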